A new zero-day flaw has been discovered in OS X Yosemite that allows an attacker to circumvent user passwords and gain root access. This follows Apple's recent patch for the DYLD_PRINT_TO_FILE vulnerability, another zero-day issue that let attackers gain root access.

According to AppleInsider, Italian developer Luca Todesco discovered the vulnerability and used "a combination of attacks – including a null pointer dereference in OS X's IOKit – to drop a proof-of-concept payload into a root shell." The vulnerability, which Todesco did not share with Apple before publicly disclosing it, has been found to affect every version of OS X Yosemite. Apple has yet to respond to the flaw.

Apple recently announced that its upcoming OS X El Capitan release "would ship with a new security feature called 'rootless,' [which is] ... designed to restrict third-party applications from modifying certain parts of the system ... in a manner similar to the more aggressive sandboxing in iOS."